Searching \ for '[PIC] protected code' in subject line. ()
Make payments with PayPal - it's fast, free and secure! Help us get a faster server
FAQ page: massmind.org/techref/microchip/devices.htm?key=pic
Search entire site for: 'protected code'.

Exact match. Not showing close matches.
PICList Thread
'[PIC] protected code'
2009\05\20@100930 by alan smith

picon face

Setting the code protect config bits is supposed to give you a layer of protection, when at least trying to read back from the actual device.  I wont get into the discussion about how that can be gotten around.

My question is...when you generate a hex file with these set, can it be dissassembled..ie..is the code protect only valid for reading back from the device.

The basis for the question is a client wants to put code updates for a product on his website, so anyone can download but doesnt want someone to easily able to reverse engineer it.  I wasnt sure if this protects the hex file.


     

2009\05\20@102737 by Xiaofan Chen

face picon face
On Wed, May 20, 2009 at 10:09 PM, alan smith <spam_OUTmicro_eng2TakeThisOuTspamyahoo.com> wrote:

> My question is...when you generate a hex file with these set,
>can it be dissassembled..ie..is the code protect only valid for
>reading back from the device.

Of course it can be disassembled if you post the hex file.
You may have to encrypt the hex file with certain method.

--
Xiaofan http://mcuee.blogspot.com

2009\05\20@103854 by Michael Rigby-Jones

flavicon
face



> -----Original Message-----
> From: .....piclist-bouncesKILLspamspam@spam@mit.edu [piclist-bouncesspamKILLspammit.edu] On
Behalf
> Of alan smith
> Sent: 20 May 2009 15:09
> To: Microcontroller discussion list - Public.
> Subject: [PIC] protected code
>
>
> Setting the code protect config bits is supposed to give you a layer
of
> protection, when at least trying to read back from the actual device.
I
> wont get into the discussion about how that can be gotten around.
>
> My question is...when you generate a hex file with these set, can it
be
> dissassembled..ie..is the code protect only valid for reading back
from
> the device.
>
> The basis for the question is a client wants to put code updates for a
> product on his website, so anyone can download but doesnt want someone
to
> easily able to reverse engineer it.  I wasnt sure if this protects the
hex
> file.
>

The code protect bits purely relate to the PIC micro, and prevent useful
code being read out via the programming pins.  They have nothing to do
with the hex file generated by your assembler/compiler.  If you feel you
need to protect the hex file, you will need to encrypt it in some manner
and give legitimate owners the ability to decrypt it through e.g. a
custom programming tool or via a special bootloader pre-programmed into
the product.

Regards

Mike

=======================================================================
This e-mail is intended for the person it is addressed to only. The
information contained in it may be confidential and/or protected by
law. If you are not the intended recipient of this message, you must
not make any use of this information, or copy or show it to any
person. Please contact us immediately to tell us that you have
received this e-mail, and return the original to us. Any use,
forwarding, printing or copying of this message is strictly prohibited.
No part of this message can be considered a request for goods or
services.
=======================================================================

2009\05\20@104211 by olin piclist

face picon face
alan smith wrote:
> My question is...when you generate a hex file with these set, can it
> be dissassembled..ie..is the code protect only valid for reading back
> from the device.

Take two deep breaths and try to actually *think* a little.  How do you
expect specific data in the HEX file to keep people from reading it?  And if
it did, how would the programmer software know how to read it?  And even if
programmer software had a means to decrypt a encrypted HEX file, what would
prevent others from using the same decryption means, considering there are
plenty of third party open source programmer applications out there that
work fine whether you set the code protect bits or not.


********************************************************************
Embed Inc, Littleton Massachusetts, http://www.embedinc.com/products
(978) 742-9014.  Gold level PIC consultants since 2000.

2009\05\20@104426 by Alan B. Pearce

face picon face
>The basis for the question is a client wants to put code updates
>for a product on his website, so anyone can download but doesnt
>want someone to easily able to reverse engineer it.  I wasnt sure
>if this protects the hex file.

No it doesn't, it only protects against readback from the device.

To be able to do what your client wants to do, you need a bootloader on the
PIC that can deal with encrypted download files. Microchip have a number of
app notes on bootloaders, and it would be possible to add decryption to
them. XTEA seems to be popular because it is compact and fast, while being
suitably secure.

You don't say what device your client is using, but you do need to note that
not all mid-range devices can use a bootloader. I believe all current 18F
and larger devices can use a bootloader - but check first.

2009\05\20@105144 by Ricardo de Azambuja

picon face
One could encrypt a formula or a function inside a assembly file and
then generate the hex file. This way everybody could use the code
without knowing exactly how it do the things, but someone else always
could do a reverse engineering...


[ ]s

---------------------------------
Ricardo de Azambuja
http://www.azamec.com.br



On Wed, May 20, 2009 at 11:43 AM, Olin Lathrop
<.....olin_piclistKILLspamspam.....embedinc.com> wrote:
{Quote hidden}

>

2009\05\20@105739 by John Coppens

flavicon
face
On Wed, 20 May 2009 07:09:29 -0700 (PDT)
alan smith <EraseMEmicro_eng2spam_OUTspamTakeThisOuTyahoo.com> wrote:

> My question is...when you generate a hex file with these set, can it be
> dissassembled..ie..is the code protect only valid for reading back from
> the device.
>
> The basis for the question is a client wants to put code updates for a
> product on his website, so anyone can download but doesnt want someone
> to easily able to reverse engineer it.  I wasnt sure if this protects
> the hex file.

Easiest solution: Compress the HEX file with RAR, ZIP or whatever, and
use a password. Publish on the 'net, and give the password only to the
correct users.

John

2009\05\20@110137 by alan smith

picon face

Well thats what I figured...but now and then the obvious isnt so...and I told this to the client but he was.."but its code protected".  So figured I would simply ask, making sure I didnt overlook something.  The conversation will go..."like I told you"..."did you ask anyone?"..."Yes"..

--- On Wed, 5/20/09, Olin Lathrop <olin_piclistspamspam_OUTembedinc.com> wrote:

{Quote hidden}

> -

2009\05\20@111149 by olin piclist

face picon face
John Coppens wrote:
> Easiest solution: Compress the HEX file with RAR, ZIP or whatever, and
> use a password. Publish on the 'net, and give the password only to the
> correct users.

Who will the post it on the web.

********************************************************************
Embed Inc, Littleton Massachusetts, http://www.embedinc.com/products
(978) 742-9014.  Gold level PIC consultants since 2000.

2009\05\20@111411 by Tamas Rudnai

face picon face
You can use TEA for example

http://en.wikipedia.org/wiki/Tiny_Encryption_Algorithm

...and I remember somebody was talking about encrypted bootloader here in a
while ago so if you search on PicList archive you will find it for sure.
Sorry for my short memory.

Tamas


On Wed, May 20, 2009 at 4:01 PM, alan smith <RemoveMEmicro_eng2TakeThisOuTspamyahoo.com> wrote:

{Quote hidden}

2009\05\20@111916 by Harold Hallikainen

face
flavicon
face

> John Coppens wrote:
>> Easiest solution: Compress the HEX file with RAR, ZIP or whatever, and
>> use a password. Publish on the 'net, and give the password only to the
>> correct users.
>
> Who will the[n] post it on the web.

To be secure, I think the decryption has to happen in the bootloader with
the key in the code protected bootloader.

Harold

--
FCC Rules Updated Daily at http://www.hallikainen.com - Advertising
opportunities available!

2009\05\20@112644 by Mark Rages

face picon face
On Wed, May 20, 2009 at 9:57 AM, John Coppens <johnEraseMEspam.....jcoppens.com> wrote:

> On Wed, 20 May 2009 07:09:29 -0700 (PDT)
> alan smith <EraseMEmicro_eng2spamyahoo.com> wrote:
>
> > My question is...when you generate a hex file with these set, can it be
> > dissassembled..ie..is the code protect only valid for reading back from
> > the device.
> >
> > The basis for the question is a client wants to put code updates for a
> > product on his website, so anyone can download but doesnt want someone
> > to easily able to reverse engineer it.  I wasnt sure if this protects
> > the hex file.
>
> Easiest solution: Compress the HEX file with RAR, ZIP or whatever, and
> use a password. Publish on the 'net, and give the password only to the
> correct users.
>

This is probably the best answer, but hex files are so small that you could
just give the hex file to the correct users and have similar security with
less hassle.

Zip encryption is subject to a plaintext attack if you include a known or
guessable file in the archive.  I wouldn't use it for serious encryption.  I
know nothing about RAR encryption.

Regards,
Mark
markrages@gmail
--
Mark Rages, Engineer
Midwest Telecine LLC
RemoveMEmarkragesEraseMEspamEraseMEmidwesttelecine.com

2009\05\20@114837 by Herbert Graf

picon face
On Wed, 2009-05-20 at 07:09 -0700, alan smith wrote:
> Setting the code protect config bits is supposed to give you a layer of protection, when at least trying to read back from the actual device.  I wont get into the discussion about how that can be gotten around.
>
> My question is...when you generate a hex file with these set, can it be dissassembled..ie..is the code protect only valid for reading back from the device.
>
> The basis for the question is a client wants to put code updates for a product on his website, so anyone can download but doesnt want someone to easily able to reverse engineer it.  I wasnt sure if this protects the hex file.

The code protect bit is just a setting in the PIC's config space, aside
from that bit being flipped in the hex file there is no difference in
the hex file.

TTYL

2009\05\20@155042 by Richard Prosser

picon face
If the client is determined that his clients have web access to the
hex file, why not get him to setup a password secured web page?

RP

2009/5/21 Herbert Graf <RemoveMEhkgrafspam_OUTspamKILLspamgmail.com>:
{Quote hidden}

>

2009\05\20@160728 by Vitaliy

flavicon
face
Richard Prosser wrote:
>If the client is determined that his clients have web access to the
hex file, why not get him to setup a password secured web page?<

Because he doesn't want people to take his HEX file and use it in someone
else's device.

Bootloader with encryption is the way to go.

Vitaliy


More... (looser matching)
- Last day of these posts
- In 2009 , 2010 only
- Today
- New search...